ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] DKIM does not claim content is correct

2009-01-27 15:02:19
JD,

I fear you missed my point:

      "Identity of the user or agent (e.g., a mailing list manager) on
      behalf of which this message is signed"

does not mean that that user or agent was the author.  So the value might be 
wonderfully stable, but its semantics say nothing about authorship.



To repeat:

      There is nothing in DKIM that says or implies that it makes
      an assertion of valid From: field data.

Any use of DKIM for validation of From: field contents goes beyond the base 
specification.  For example, ADSP travels that path.

d/


J.D. Falk wrote:
What is delivered can be verified as what was sent.  But what was sent is 
still 
free to be incorrect.

With DKIM i=, it becomes possible to convey a stable identifier (though of 
course there's no guarantee that the identifier is stable, leading to John's 
t= suggestion.)  Without DKIM (or something like it), as we know, any 
potential identifiers are trivially forged.

As Suresh pointed out, DKIM doesn't convey anything about who is using 
Grandma's login credentials (in the case where Grandma's login credentials 
can be associated with a stable, authenticatable identifier), but I'd say 
that's out of scope here.


-- 

   Dave Crocker
   Brandenburg InternetWorking
   bbiw.net
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html